<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Access Control by URL</TITLE>
</HEAD>

<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<BODY
 BGCOLOR="#FFFFFF"
 TEXT="#000000"
 LINK="#0000FF"
 VLINK="#000080"
 ALINK="#FF0000"
>
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Access Control by URL</H1>

<h2><a name="location">The <code>&lt;Location&gt;</code> Directive</a></h2>

<strong>Syntax:</strong> &lt;Location <em>URL prefix</em>&gt;<br>
<strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> core<br>

<p>The &lt;Location&gt; directive provides for access control by
URL. It is comparable to the <a
href="mod/core.html#directory">&lt;Directory&gt;</a> directive, and
should be matched with a &lt;/Location&gt; directive. Directives that
apply to the URL given should be listen
within. <code>&lt;Location&gt;</code> sections are processed in the
order they appear in the configuration file, after the
&lt;Directory&gt; sections and <code>.htaccess</code> files are
read.</p>

<p>Note that, due to the way HTTP functions, <em>URL prefix</em>
should, save for proxy requests, be of the form <code>/path/</code>,
and should not include the <code>http://servername</code>. It doesn't
necessarily have to protect a directory (it can be an individual
file, or a number of files), and can include wild-cards.  In a wild-card
string, `?' matches any single character, and `*' matches any
sequences of characters.

<p>This functionality is especially useful when combined with the
<code><a href="mod/mod_mime.html#sethandler">SetHandler</a></code>
directive. For example, to enable status requests, but allow them only
from browsers at foo.com, you might use:

<pre>
    &lt;Location /status&gt;
    SetHandler server-status
    order deny,allow
    deny from all
    allow from .foo.com
    &lt;/Location&gt;
</pre>

<!--#include virtual="footer.html" -->
</BODY>
</HTML>

